If your password winds up in a mega-breach such as the ones at Yahoo, Dropbox or Tumblr, it can be easy for a hacker to take over your account – especially if you reuse the same password across multiple services. But it isn’t always easy to tell if your password has been stolen, and companies can sometimes take years to notify users of a breach.
1Password is making it easier to find out if your password is breached. Photo: AP
One of the easiest ways to find out if your password has leaked is by checking Have I Been Pwned, a breach database run by security expert Troy Hunt. And now the password management service 1Password is trying to make it even easier by incorporating Hunt’s Pwned Passwords data into its service, TechCrunch reports. Users will be able to check their passwords to find out if they have been breached, and will be nudged to change their passwords if they’re not secure.
Here’s how the integration works:
1Password users can access the tool by opening their password vault and clicking on one of their credentials. They then need to press Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows), and a “Check Password” button will appear next to their password. Click that, and 1Password will let you know if your password appears in the Pwned Password database.
Hunt assembled hundreds of millions of dumped credentials to create the Pwned Password data.
“The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more,” Hunt wrote. “Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been ‘burned’.”